IBM® QRadar® can monitor packets that come in on any network interface card that is installed on your system. The network interface card must be installed for QRadar to show it in the list of configurable packet-based flow sources. QRadar monitors the communication between servers. You do not need to create a flow source to monitor the QRadar network management interface, because the flow source consumes the flow license.
When you configure the Network Interface flow source, configure only one log source for each Ethernet interface. To filter the network traffic that comes in on the flow source, specify a Berkeley Packet Filter (BPF) in the Filter String field.
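As an added illustration (not IBM code), this Python helper builds a string for the Filter String field from a list of monitored networks and exclusions, validating each value first. It assumes the field accepts standard pcap-filter syntax; the function names and the sample addresses are constructed for this example.

```python
import ipaddress

def _net(value):
    # strict=True rejects CIDRs with host bits set (e.g. 10.1.2.3/16)
    return f"net {ipaddress.ip_network(value, strict=True)}"

def _host(value):
    return f"host {ipaddress.ip_address(value)}"

def _port(value):
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {value!r}")
    return f"port {port}"

def _group(terms):
    # Parenthesize every group: in pcap-filter syntax 'and' and 'or' have
    # equal precedence and associate left to right, so a bare mix such as
    # "not host A and net B or net C" would still match host A inside net C.
    return "(" + " or ".join(terms) + ")"

def build_filter(monitor_nets, exclude_hosts=(), exclude_ports=()):
    """Build a BPF string: traffic in monitor_nets, minus excluded hosts/ports."""
    if not monitor_nets:
        raise ValueError("at least one monitored network is required")
    parts = [_group([_net(n) for n in monitor_nets])]
    if exclude_hosts:
        parts.append("not " + _group([_host(h) for h in exclude_hosts]))
    if exclude_ports:
        parts.append("not " + _group([_port(p) for p in exclude_ports]))
    return " and ".join(parts)

if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    print(build_filter(["10.20.0.0/16", "192.0.2.0/24"],
                       exclude_hosts=["10.20.0.5"],  # hypothetical backup server
                       exclude_ports=[514]))
```

Excluding high-volume traffic in the filter reduces what counts against the flow license, but anything filtered out here never appears on the Network Activity tab, so review exclusions against your detection requirements.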
After the flow source is configured and the changes are deployed, you can view the network traffic on the Network Activity tab.
You can customize the way that QRadar processes the network traffic. For example, you can configure the way that applications are detected, superflow thresholds, flow direction configuration, and network hierarchy. You can also write rules, perform queries, and filter the network traffic.